From cd9182c77fa61848a27def2bd0faf54ff71626ab Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 24 Mar 2014 12:03:12 -0500 Subject: [PATCH 1/2] Msftidy warning fix on Joomla module. Pre-commit hooks people. --- modules/auxiliary/gather/joomla_weblinks_sqli.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/gather/joomla_weblinks_sqli.rb b/modules/auxiliary/gather/joomla_weblinks_sqli.rb index e41ebb2c88..f987e4a68c 100644 --- a/modules/auxiliary/gather/joomla_weblinks_sqli.rb +++ b/modules/auxiliary/gather/joomla_weblinks_sqli.rb @@ -84,7 +84,7 @@ class Metasploit3 < Msf::Auxiliary file = datastore['FILEPATH'].unpack("H*")[0] catid = datastore['CATEGORYID'] - payload = catid.to_s + payload = catid.to_s payload << ") UNION ALL SELECT CONCAT(0x#{front_marker.unpack('H*')[0]}" payload << ",IFNULL(CAST(HEX(LOAD_FILE(" payload << "0x#{file})) AS CHAR),0x20),0x#{back_marker.unpack('H*')[0]})#" From cfdd64d5b16771cf3acf5f6781cf4e509d1bbd20 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 24 Mar 2014 12:16:59 -0500 Subject: [PATCH 2/2] Title, description grammar and spelling --- .../exploits/linux/ssh/quantum_vmpro_backdoor.rb | 5 +++-- .../unix/ssh/array_vxag_vapv_privkey_privesc.rb | 14 ++++++-------- .../exploits/unix/webapp/freepbx_config_exec.rb | 2 +- .../exploits/windows/browser/ms14_012_textrange.rb | 6 +++--- test/modules/post/test/get_env.rb | 2 +- 5 files changed, 14 insertions(+), 15 deletions(-) diff --git a/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb b/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb index e80a005a2b..cf0a526f89 100644 --- a/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb +++ b/modules/exploits/linux/ssh/quantum_vmpro_backdoor.rb 
@@ -15,9 +15,10 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => "Quantum vmPRO Backdoor Command", 'Description' => %q{ - This module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin + This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor - "shell-escape" command it's possible to drop to a real root bash shell. + "shell-escape" command it's possible to drop to a real root bash shell. This module + has been tested successfully on Quantum vmPRO 3.1.2. }, 'License' => MSF_LICENSE, 'Author' => diff --git a/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb b/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb index d276be11eb..7d24cb6064 100644 --- a/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb +++ b/modules/exploits/unix/ssh/array_vxag_vapv_privkey_privesc.rb 
@@ -13,15 +13,14 @@ class Metasploit3 < Msf::Exploit::Remote def initialize(info={}) super(update_info(info, - 'Name' => "Array Networks vAPV and vxAG Private Key Privelege Escalation Code Execution", + 'Name' => "Array Networks vAPV and vxAG Private Key Privilege Escalation Code Execution", 'Description' => %q{ This module exploits a default hardcoded private SSH key or default hardcoded login and password in the vAPV 8.3.2.17 and vxAG 9.2.0.34 appliances made - by Array Networks. After logged in as the unprivileged user, it's possible to - modify the world writable file /ca/bin/monitor.sh with our arbitrary code. - Execution of the arbitrary code is possible by using the backend tool, running - setuid, to turn the debug monitoring on. This makes it possible to trigger our - payload with root privileges. + by Array Networks. After logged in as the unprivileged user, it's possible to modify + the world-writable file /ca/bin/monitor.sh with attacker-supplied arbitrary code. + Execution is possible by using the backend tool, running setuid, to turn the debug + monitoring on. This makes it possible to trigger a payload with root privileges. }, 'License' => MSF_LICENSE, 'Author' => @@ -79,7 +78,6 @@ class Metasploit3 < Msf::Exploit::Remote datastore['RHOST'] end - def rport datastore['RPORT'] end @@ -118,7 +116,7 @@ class Metasploit3 < Msf::Exploit::Remote end def login_user_pass(user, pass) - print_status("#{rhost}:#{rport} - Attempt to login with '#{user}:#{pass}'") + print_status("#{rhost}:#{rport} - Attempting to login with '#{user}:#{pass}'") opts = { :auth_methods => ['password', 'keyboard-interactive'], diff --git a/modules/exploits/unix/webapp/freepbx_config_exec.rb b/modules/exploits/unix/webapp/freepbx_config_exec.rb index 63ab31974e..6e105f510b 100644 --- a/modules/exploits/unix/webapp/freepbx_config_exec.rb +++ b/modules/exploits/unix/webapp/freepbx_config_exec.rb 
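Review bot: The description on the new side still reads "After logged in as the unprivileged user", which this grammar pass leaves untouched; `After logging in as the unprivileged user, it's possible to modify` would fix it. The rewritten sentence also says "attacker-supplied arbitrary code", where "arbitrary" is redundant next to "attacker-supplied". The `initialize` body continues past the end of this hunk.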
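Review bot: In `login_user_pass` the reworded status message uses "login" as a verb; the verb form is two words, `print_status("#{rhost}:#{rport} - Attempting to log in with '#{user}:#{pass}'")`. The same line writes the password in clear text to the console, so it will also appear in any spooled or logged output. That is presumably acceptable because the description says the credentials are hardcoded defaults, but a one-line comment stating this would make the intent explicit. The method body continues outside the hunk.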
@@ -14,7 +14,7 @@ class Metasploit3 < Msf::Exploit::Remote super(update_info(info, 'Name' => "FreePBX config.php Remote Code Execution", 'Description' => %q{ - This module exploits a vulnerability found in FreePBX version 2.9, 2.10, 2.11. + This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args". }, diff --git a/modules/exploits/windows/browser/ms14_012_textrange.rb b/modules/exploits/windows/browser/ms14_012_textrange.rb index 668afd64f9..2a1743a641 100644 --- a/modules/exploits/windows/browser/ms14_012_textrange.rb +++ b/modules/exploits/windows/browser/ms14_012_textrange.rb @@ -15,10 +15,10 @@ class Metasploit3 < Msf::Exploit::Remote 'Name' => "MS14-012 Internet Explorer TextRange Use-After-Free", 'Description' => %q{ This module exploits a use-after-free vulnerability found in Internet Explorer. The flaw - was most likely introduced back in 2013, therefore only certain builds of MSHTML are + was most likely introduced in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between - 9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014 - (before the patch). + 9.0.8112.16496 and 9.0.8112.16533, which implies the vulnerability shipped between + August 2013, when it was introduced, until the fix issued in early March 2014. }, 'License' => MSF_LICENSE, 'Author' => diff --git a/test/modules/post/test/get_env.rb b/test/modules/post/test/get_env.rb index 6fdbaae8b6..934dd40828 100644 --- a/test/modules/post/test/get_env.rb +++ b/test/modules/post/test/get_env.rb 
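Review bot: The FreePBX description now lists three releases after the singular "version"; the noun should be plural, `This module exploits a vulnerability found in FreePBX versions 2.9, 2.10, and 2.11.` The affected-version sentence is what readers use to scope exposure, so it is worth getting exact while this line is being touched.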
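Review bot: The rewritten MS14-012 sentence pairs "between" with "until" ("shipped between August 2013, when it was introduced, until the fix issued in early March 2014"), which does not parse. Use either `shipped between August 2013, when it was introduced, and the fix issued in early March 2014.` or "from ... until". The preceding line also joins two clauses with ", therefore", which reads better as `introduced in 2013; therefore, only certain builds of MSHTML are affected.`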
@@ -13,7 +13,7 @@ class Metasploit4 < Msf::Post def initialize(info={}) super( update_info( info, - 'Name' => 'Testing Get Envs', + 'Name' => 'Test Post::Common Get Envs', 'Description' => %q{ This module will test Post::Common get envs API methods }, 'License' => MSF_LICENSE, 'Author' => [ 'Ben Campbell'],